CAPEC-670: Software Development Tools Maliciously Altered

An adversary with the ability to alter tools used in a development environment causes software to be developed with maliciously modified tools. Such tools include requirements management and database tools, software design tools, configuration management tools, compilers, system build tools, and software performance testing and load testing tools. The adversary then carries out malicious acts once the software is deployed including malware infection of other systems to support further compromises.

High

Typical severity

Per MITRE

Low

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Detailed

Abstraction

MITRE classification

Overview

CAPEC-670 (Software Development Tools Maliciously Altered) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-670: Software Development Tools Maliciously Altered

Overview

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

Examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-670?

How do you prevent CAPEC-670?

How severe is CAPEC-670?

References

Defend against CAPEC-670

Overview

What the attacker needs

Prerequisites

Skills required

Consequences

How to mitigate it

Examples

Related attack patterns

Parent

Can precede

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CAPEC-670?

How do you prevent CAPEC-670?

How severe is CAPEC-670?

References

Defend against CAPEC-670